trongrid-data-insights

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only TRON analytics skill that queries public blockchain data and has no install scripts, local access, persistence, or mutation behavior.

Install this if you want TRON network activity reports from public blockchain data. Before use, make sure the TronGrid MCP server is legitimate, treat optional web-searched price data as third-party context, and avoid treating address classifications as verified identities.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description uses very broad activation language such as 'network health,' 'daily stats,' 'ecosystem overview,' and 'on-chain analytics,' which can cause the agent to invoke this skill for loosely related TRON or crypto queries. Over-broad invocation increases the chance of unintended tool use, unnecessary external data access, and misleading outputs when the user did not specifically request blockchain analytics.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The instructions explicitly rank and classify 'Most Active Accounts' and suggest labeling them as 'exchange/bot/whale' without any privacy, confidence, or attribution safeguards. This can lead to sensitive profiling, incorrect deanonymization, or reputational harm because blockchain addresses are often pseudonymous and behavioral inference is uncertain.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal